FILE - In this Nov. 27, 2015 file photo, shoppers carry bags as they cross a pedestrian walkway near Macy's in Herald Square in New York. (AP Photo/Bebeto Matthews)

WASHINGTON (MEDIA GENERAL) — Holiday shopping season is a spending free-for-all and the government is monitoring every credit card swipe without Americans’ knowledge or consent, warn congressional Republicans.

“They know what you bought,” said Sen. David Perdue, R-Ga. “They know what you paid for it with – if you paid with a credit card or debit card.”

In other words, Macy’s knows you bought mom that vase, and so do government regulators.

But bureaucrats overseeing the project say it’s not that simple.

‘Rogue agency’

This is a major operation.

Perdue accuses the Consumer Financial Protection Bureau (CFPB), which he calls a “rogue agency,” of sucking up 95 percent of credit card purchases and storing it in unsecured facilities that are likely vulnerable to hackers.

“We’re talking Social Security [number], name, address, all of the vitals that know everything about who we are and what we do,” he cautioned.

Perdue, who sponsored a related bill, and several other GOPers pinpoint the problem as the CFPB, the post-2008 financial meltdown brainchild of consumer rights crusader-turned-senator Elizabeth Warren, operating without congressional oversight or proper security controls.

“We want to initially, as a first step, bring the CFPB back under the appropriations process of Congress,” Perdue explained. “That gives us oversight responsibility [and enforcement capabilities].”

In October, a federal court found the bureau’s structure to be unconstitutional, concentrating too much unchecked power in its director.

“The court then goes on to proclaim that the director of the CFPB is given more power and autonomy than the speaker of the house, senate majority leader, or even a Supreme Court justice,” reports The Atlantic.

But some consumer advocates see a major pitfall in the GOP’s plan to bring the CFPB under its broad congressional wing.

“You think that the senators run the appropriations process. They don’t. The lobbyists run it,” insisted Ed Mierzwinski, consumer program director at the Public Interest Research Group.

Security concerns

To guard the CFPB from gradually being stripped of power through the highly partisan congressional appropriations process, a Democratically-controlled Congress placed the newly-formed bureau under the control of the Federal Reserve in 2010 through the Dodd-Frank Act, which isn’t similarly influenced by well-funded bank lobbyists.

Mierzwinski argued, “A bunch of suits wants to control how the government spends its money. They don’t want any money spent investigating them. They’d rather have the Senate at their beck and call to investigate the CFPB.”

The CFPB aggressively pushed back on the notion that it recklessly snoops on Americans’ spending habits, asserting that it surveys account-level (not individual-level) credit card usage on a monthly basis, never coming into possession of the spenders’ individual identities.

A CFPB spokesperson released the following statement:

The Bureau’s credit card database does not contain data specific to shopping or spending or consumers’ individual purchases. These data consist of de-identified information aggregated on a monthly basis. The database does not contain information that identifies the date, the location, the merchant, or the items purchased in any transaction.

A third-party contractor, Argus, collects the raw data from banking and credit institutions and scrubs it of identifying information before sending it to the CFPB’s credit card database and other government agencies.

Argus did not speak on the record for this story, but an employee knowledgeable about the process’ inner workings revealed that the company often receives sensitive data about individuals’ spending habits with specific purchases and Social Security numbers attached.

CFPB officials argue that the bureau ensures Americans’ safety by never coming into direct possession of this granular spending information, saying “Data received or generated by the CFPB are stored in secure systems and managed according to IT security requirements that comply with Federal laws, policies, and procedures.”

But critics point out that having a contractor collect it on CFPB’s behalf doesn’t make it any safer.

After all, it was the 2014 hack of a government contractor working for another agency, the Office of Personnel Management, which led to the breach of 22.1 million sensitive personnel files maintained on OPM’s behalf.

CFPB’s future

CFPB has returned approximately $12 billion to more than 27 million American consumers in the past five years due to “unfair, deceptive, and abusive practices” by financial institutions.

In one prominent case, CFPB fined Wells Fargo $100 million for illegal practices, including the opening of thousands of fraudulent accounts without customers’ consent.

Perdue is anything but convinced.

“Remember we had a dust-up last year over the NSA and the accusations that that they were listening to our phone calls and reading our emails,” he recalled. “This is far more perverse than that, because they are doing it in the guise of protecting us.”

Mierzwinski balks at Republicans’ assertions. “The CFPB is not the NSA. It’s the first government agency that’s here to protect you,” he insisted.

Should the databases at CFPB or its contractors be hacked, Perdue predicts irreparable damage.

“It puts in jeopardy the confidence that people have in their government,” he said. “They’re not aware that their government is looking into their personal lives this way.”

At this point, Perdue’s bill to place CFPB under congressional control faces long odds in the Senate where it would need a 60-vote majority to overcome a filibuster challenge.

UPDATE: The CFPB responded to this story, requesting the addition of the following statement:

Knowing how banks and other financial institutions are treating their customers is critical for law enforcement, strong regulations, consumer education, and our overall consumer protection mandate. It is critical to have a solid factual basis for all of our work and our practices are consistent with those of other government agencies. Any suggestion to the contrary is plain wrong and undermines our work to protect consumers and hold institutions accountable. Both consumers and companies benefit when regulators make decisions based on the best information available.